Interview: BT on securing cooperation between government and industry

Rajiv Shah is the new Director of Government Cybersecurity for BT, Australia. Coming from BAE Systems, he has been tasked to grow the BT Security business across A/NZ.

“What attracted me to BT is the scope and capability of their security apparatus. BT runs international telecommunications networks, and protects those networks from attack in more than 180 different countries. In terms of observing the evolving threat landscape, and staying one step ahead, BT has an unprecedented amount of information and visibility. That ringside view, combined with our technical capabilities gives us the opportunity to make a substantial difference in the industry.”

BT is one of the world's largest telecommunications firms. In October, they announced a data-sharing agreement with INTERPOL to aid the combat of international cyber-crime — the first agreement of its kind. MitchelLake’s Robin Block sat down with Rajiv to understand how BT is partnering with the Australian Government, discuss their Australian R&D initiatives and gain insight into the future of the industry.

What are BT’s ambitions in cybersecurity and Australia?

Rajiv: Collaboration and threat sharing, particularly between government and industry, is a major focus for BT — such as the information sharing agreement we just signed with INTERPOL. Our goal is to understand our customers, understand their challenges, and help them find solutions.

Whether our clients are government or commercial, our goal is to help them improve security. Cybersecurity is a journey — there is no destination where you can declare victory. It is key for any organisation to understand where they are on that journey to be able to correctly diagnose their problems. There is only ever a finite security budget, so we need to understand the likely targets and methods, and use that information to invest efficiently.

BT has recently announced the creation of an R&D cybersecurity centre here in Sydney — aiming to recruit 170+ people over the next few years. A significant attraction of that programme is that it gives people an opportunity to work in the commercial sphere and with government, delivering solutions and engaging in R&D.

Bringing together that range of people to work alongside each other, and providing opportunities for people to move between different parts of the company, not only encourages cross vertical innovation, it can be an attraction compared to working for an organisation that only makes one main product.

This will allow us to build our own talent pool in Australia, and is a great opportunity for both the company and Australian workers. ‘Great’ looks like BT being known in Australia as a key player in the security market and a supporting partner of the Australian Government.

What do you think of the Australian market — how does it compare to Europe and the US?

Rajiv: Australia is a smaller market than the US or UK. However, that means it can be easier to make an impact and cut through the noise. The publishing of the Government cybersecurity strategy last year was a big step. It laid out a blueprint for how government and industry can work together.

The new mandatory breach notification legislation is a significant change in the Australian regulatory market that will, at the very least, set a common standard to which everyone will be held. That will allow the people that need to know about a breach to gain that information without single companies putting their market value at risk by coming forward .

There is an educated and skilled talent pool here. Our Chief Engineer of Cybersecurity is based in Sydney. The experience I have had building teams in Australia is that is can be difficult to recruit — but, the people with the right skills are here, you simply have to go out and find them.

What do you see as the main changes in cybersecurity — does market hype get in the way of development?

Rajiv: Hype always gets in the way, and there is a lot of noise in the marketplace. However, I am inclined to say that the industry is finally moving past ‘peak hype’. I see a lot of maturity in the conversations being had — people know how to ask the right questions. Effective cybersecurity is the key to enabling change and transformation in a business. I think that the days of security being the department of ‘no’ are gone — it is now about how.

Artificial intelligence and machine learning are the big changes taking place. It won't create something that can magically solve all security problems — but, there is a huge amount of data out there. If we can understand and analyse that data, it will be vital to preempting threats. If you look further afield, the massively disruptive technology on the horizon is quantum computing. Fundamentally, if people start to deliver on the proposed capabilities, it is going to disrupt the entire area of cryptography from both a threat and security standpoint.

There is always something of an arms race occurring in cybersecurity. I would never say anyone is moving fast enough. Pooling information allows for the aggregation of a big-picture and an understanding of broad vulnerabilities. I think BT is in a great position to help identify and respond to the developments that will continue to take place.